20 matches found
VulnCheck KEV: CVE-2025-27222
TRUfusion Enterprise through 7.10.4.0 uses the /trufusionPortal/getCobrandingData endpoint to retrieve files. However, the application doesn't properly sanitize the input to this endpoint, ultimately allowing path traversal sequences to be included. This can be used to read any local server file...
EUVD-2025-36211
TRUfusion Enterprise through 7.10.4.0 exposes the /trufusionPortal/jsp/internaladmincontactlogin.jsp endpoint to unauthenticated users. This endpoint discloses sensitive internal information including PII to unauthenticated attackers...
EUVD-2025-36214
TRUfusion Enterprise through 7.10.4.0 exposes the encrypted COOKIEID as an authentication mechanism for some endpoints such as /trufusionPortal/getProjectList. However, the application uses a static key to create the encrypted cookie, ultimately allowing anyone to forge cookies and gain access to...
CVE-2025-27225
TRUfusion Enterprise through 7.10.4.0 exposes the /trufusionPortal/jsp/internaladmincontactlogin.jsp endpoint to unauthenticated users. This endpoint discloses sensitive internal information including PII to unauthenticated attackers...
EUVD-2022-29772
Malicious code in bioql PyPI...
EUVD-2022-29771
Malicious code in bioql PyPI...
CVE-2022-25026
A Server-Side Request Forgery SSRF in Rocket TRUfusion Portal v7.9.2.1 allows remote attackers to gain access to sensitive resources on the internal network via a crafted HTTP request to /trufusionPortal/upDwModuleProxy...
CVE-2022-25027
The Forgotten Password functionality of Rocket TRUfusion Portal v7.9.2.1 allows remote attackers to bypass authentication and access restricted pages by validating the user's session token when the "Password forgotten?" button is clicked...
CVE-2022-25027
The Forgotten Password functionality of Rocket TRUfusion Portal v7.9.2.1 allows remote attackers to bypass authentication and access restricted pages by validating the user's session token when the "Password forgotten?" button is clicked...
CVE-2022-25026
A Server-Side Request Forgery SSRF in Rocket TRUfusion Portal v7.9.2.1 allows remote attackers to gain access to sensitive resources on the internal network via a crafted HTTP request to /trufusionPortal/upDwModuleProxy...
CVE-2022-25026
A Server-Side Request Forgery SSRF in Rocket TRUfusion Portal v7.9.2.1 allows remote attackers to gain access to sensitive resources on the internal network via a crafted HTTP request to /trufusionPortal/upDwModuleProxy...
Server side request forgery (ssrf)
A Server-Side Request Forgery SSRF in Rocket TRUfusion Portal v7.9.2.1 allows remote attackers to gain access to sensitive resources on the internal network via a crafted HTTP request to /trufusionPortal/upDwModuleProxy...
CVE-2022-25026
A Server-Side Request Forgery SSRF in Rocket TRUfusion Portal v7.9.2.1 allows remote attackers to gain access to sensitive resources on the internal network via a crafted HTTP request to /trufusionPortal/upDwModuleProxy...
Rocket Software TRUfusion 授权问题漏洞
Rocket Software TRUfusion is a simple, cost-effective solution from Rocket Software USA, Inc. It is used to ensure the secure exchange of CAD files and design data in PLM systems. A security vulnerability exists in Rocket Software TRUfusion Portal version v7.9.2.1, which originated from a...
CVE-2022-25026
A Server-Side Request Forgery SSRF in Rocket TRUfusion Portal v7.9.2.1 allows remote attackers to gain access to sensitive resources on the internal network via a crafted HTTP request to /trufusionPortal/upDwModuleProxy...
PT-2023-12775 · Rocket · Rocket Trufusion Portal
Name of the Vulnerable Software and Affected Versions: Rocket TRUfusion Portal version 7.9.2.1 Description: A Server-Side Request Forgery SSRF issue allows remote attackers to gain access to sensitive resources on the internal network via a crafted HTTP request to /trufusionPortal/upDwModuleProxy...
PT-2023-12776 · Rocket · Rocket Trufusion Portal
Name of the Vulnerable Software and Affected Versions: Rocket TRUfusion Portal version 7.9.2.1 Description: The issue concerns the Forgotten Password functionality, which allows remote attackers to bypass authentication. This is achieved by validating the user's session token when the "Password...
Rocket Software TRUfusion 代码问题漏洞
Rocket Software TRUfusion is a simple, cost-effective solution from Rocket Software USA, Inc. It is used to ensure the secure exchange of CAD files and design data in PLM systems. A security vulnerability exists in Rocket Software TRUfusion Portal version v7.9.2.1, which originates from server-si...
CVE-2022-25027
The CVE-2022-25027 entry concerns Rocket TRUfusion Portal v7.9.2.1, where the Forgotten Password flow can bypass authentication by validating the user’s session token after clicking the Password forgotten?; this is described across multiple sources (NVD, Red Hat CVE entries, OSV) as an authentica...
CVE-2022-25026
CVE-2022-25026 is a Server-Side Request Forgery in Rocket TRUfusion Portal v7.9.2.1. An attacker can trigger requests to /trufusionPortal/upDwModuleProxy to access internal resources. CVSS v3.1 base score 7.5 (HIGH); vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. No exploitation details or remediati...